| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
| |
run `fuzz --type pdf_canvas` or `fuzz --type null_canvas` or
`fuzz --type n32_canvas`
Change-Id: Id70179d5578ed1e67006aef7823bf75fc1d7a4a6
Reviewed-on: https://skia-review.googlesource.com/8418
Reviewed-by: Kevin Lubick <kjlubick@google.com>
Commit-Queue: Hal Canary <halcanary@google.com>
|
|
|
|
|
|
|
|
|
| |
BUG=skia:
Change-Id: Ie7d4fac3024b361a281f456fec2b3a837e2bfe43
Reviewed-on: https://skia-review.googlesource.com/6881
Commit-Queue: Mike Reed <reed@google.com>
Reviewed-by: Mike Klein <mtklein@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make the fuzzRange not crash if min == max, just set n to be min.
BUG=skia:
Change-Id: I138cefbec9b408d3b35e4258d770e6b396af0e5f
Reviewed-on: https://skia-review.googlesource.com/5305
Reviewed-by: Mike Klein <mtklein@chromium.org>
Commit-Queue: Kevin Lubick <kjlubick@google.com>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=skia:
GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=4798
Change-Id: Ia93b4eeea82dd04f0c6bd287f61d26086a0aa740
Reviewed-on: https://skia-review.googlesource.com/4798
Reviewed-by: Kevin Lubick <kjlubick@google.com>
Commit-Queue: Kevin Lubick <kjlubick@google.com>
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=skia:5967
GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=4751
Change-Id: Ie846560ebdaf11e1a5247842b3549ade1e100af2
Reviewed-on: https://skia-review.googlesource.com/4751
Reviewed-by: Kevin Lubick <kjlubick@google.com>
Commit-Queue: Kevin Lubick <kjlubick@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We use this approach instead of T next() because different compilers
evaluate function parameters in different orders. If fuzz->next()
returned 5 and then 7, foo(fuzz->next(), fuzz->next()) would be
foo(5, 7) when compiled on GCC and foo(7, 5) when compiled on Clang.
By requiring params to be passed in, we avoid the temptation to call
next() in a way that does not consume fuzzed bytes in a single
platform-independent order.
BUG=skia:
GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=4392
Change-Id: I35de849f82e8be45378f662a48100eb732fa8895
Reviewed-on: https://skia-review.googlesource.com/4392
Reviewed-by: Mike Klein <mtklein@chromium.org>
Commit-Queue: Kevin Lubick <kjlubick@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
signalBoring() no longer exists. When the fuzzer runs out of randomness,
it just returns 0. Fuzzers should not go into infinite loops if this
happens. do while loops are particularly error-prone.
BUG=skia:
GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=3963
Change-Id: Iebcfc14cc6b0a19c5dd015cd39875c81fa44003e
Reviewed-on: https://skia-review.googlesource.com/3963
Commit-Queue: Kevin Lubick <kjlubick@google.com>
Reviewed-by: Mike Klein <mtklein@chromium.org>
|
|
|
|
|
|
|
| |
BUG=skia:
GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=2446643003
Review-Url: https://codereview.chromium.org/2446643003
|
|
|
|
|
|
|
| |
BUG=skia:
GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=2447823002
Review-Url: https://codereview.chromium.org/2447823002
|
|
|
|
|
|
|
| |
BUG=skia:
GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=2333713002
Review-Url: https://codereview.chromium.org/2333713002
|
|
|
|
|
|
|
|
|
| |
With the move from SkData::NewXXX to SkData::MakeXXX most
SkAutoTUnref<SkData> were changed to sk_sp<SkData>. However,
there are still a few SkAutoTUnref<SkData> around, so clean
them up.
Review-Url: https://codereview.chromium.org/2212493002
|
|
|
|
|
|
|
| |
BUG=skia:
GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=2148023002
Review-Url: https://codereview.chromium.org/2148023002
|
|
|
|
|
|
|
|
|
|
| |
This feels rather clunky, because we aren't using the full potential of the
fuzzer, but it works, it seems.
BUG=skia:4969
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1710183002
Review URL: https://codereview.chromium.org/1710183002
|
|
|
|
|
|
|
|
|
| |
This is based on https://codereview.chromium.org/1675053002
BUG=skia:4438
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1702383003
Review URL: https://codereview.chromium.org/1702383003
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of a single ASSERT macro, this switches to two new methods:
- signalBug(): tell afl-fuzz there's a bug caused by its inputs (by crashing)
- signalBoring(): tell afl-fuzz these inputs are not worth testing (by exiting gracefully)
I'm not seeing any effect on fuzz/s when I just always log verbosely.
signalBug() now triggers SIGSEGV rather than SIGABRT. This should make it work with catchsegv more easily.
BUG=skia:
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1585353002
Review URL: https://codereview.chromium.org/1585353002
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Try to start faster:
- remove flags dependency
- print nothing
- strip unused symbols from the binary on Mac (smaller binary)
- only create one fuzz object
- only run one DEF_FUZZ
I am not sure if any of these things mattered, but I thought you may like to look.
Good stuff:
- make nextU() / nextF() work
- drop nextURange() / nextFRange() for now
- add nextB() for a single byte
As you may have guessed, I have figured out how to use afl-fuzz on my laptop.
Syntax to run becomes:
$ afl-fuzz ... out/Release/fuzz <DEF_FUZZ name> @@
BUG=skia:
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1581203003
Review URL: https://codereview.chromium.org/1581203003
|
|
This is designed to have short startup time, for maximum fuzzing throughput.
BUG=skia:
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1589563002
Review URL: https://codereview.chromium.org/1589563002
|